[SOLVED] libvirtd fails to start, kernel 5.2.8-towo.3

Started by dibl, 2019/08/11, 13:17:15

dibl

After installing kernel 5.2.8-towo.3-siduction-amd64, libvirtd will not start.

from journalctl -xe:


-- A stop job for unit libvirtd.service has finished.
--
-- The job identifier is 2378 and the job result is done.
Aug 11 07:02:37 dibl-patience systemd[1]: libvirtd.service: Start request repeated too quickly.
Aug 11 07:02:37 dibl-patience systemd[1]: libvirtd.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit libvirtd.service has entered the 'failed' state with result 'exit-code'.
Aug 11 07:02:37 dibl-patience systemd[1]: Failed to start Virtualization daemon.
-- Subject: A start job for unit libvirtd.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit libvirtd.service has finished with a failure.
--
-- The job identifier is 2378 and the job result is failed.


libvirtd runs correctly with 5.2.7-towo.1.
System76 Oryx Pro, Intel Core i7-11800H, ASRock B860 Pro-A, Intel Core Ultra 7 265KF, Nvidia GTX-1060, SSD 990 EVO Plus.

towo

Please start your system with apparmor=0 as a kernel parameter and try again.
I don't go to Carnival, I just lend out my face sometimes.

jure

Here thunderbird (60.8.0-1) did not start with 5.2.8-towo.3.
No problem with 5.2.8-towo.2.

/usr/bin/thunderbird %u
Unable to init server: Socket kann nicht angelegt werden: Keine Berechtigung
Error: cannot open display: :0
Regards, Juergen

dibl

Quote from: towo
Please start your system with apparmor=0 as kernel parameter and try again.

Good!  This solves the problem with libvirtd -- thank you.

DeepDayze


dibl

Quote from: DeepDayze
So this is a bug with apparmor?

One of many, I think.  When I ran journalctl to look for the libvirtd problem, I saw multiple other apparmor-related error messages, pertaining to dbus and cupsbrowsd and others.  The libvirtd error didn't mention apparmor -- apparently @towo knows about that one.

martinwprior

After the upgrade yesterday I could not use my printer or cups via localhost. Using the apparmor=0 kernel parameter fixed the problem.

vilde

May I ask: is the problem still there?

If yes my opinion is that it's not solved then. We have a workaround but that's not the same as solved. So I wouldn't put solved in the head.




towo

Sure it's solved and not a workaround. I would bet you all have apparmor installed on your system. Since our FrOScon meeting I have applied the apparmor-next security patch to our kernel. With this new version, apparmor can even operate on the network stack. Without configuring apparmor, it is restricting nearly anything; apparmor=0 disables the whole of apparmor.

finotti

I'm sorry if I am being obtuse here, but why add apparmor to the kernel if we need to disable it on boot?  Or is apparmor-next different from apparmor and the former is still running if disabling the latter?  If not, being a security feature, is it wise to disable it?

towo

apparmor was always in the kernel and always enabled as the default security option.
At FrOScon we had questions about restricting userspace applications on the network stack.
That would only be possible with apparmor-next, which was only available on opensuse and ubuntu.
So I added apparmor-next to our kernel, to make happy those users who need that functionality.
If you have no interest in apparmor, simply apt purge apparmor.

finotti

Quote from: towo on 2019/08/13, 12:40:50
apparmor was always in the kernel and always enabled as the default security option.
At FrOScon we had questions about restricting userspace applications on the network stack.
That would only be possible with apparmor-next, which was only available on opensuse and ubuntu.
So I added apparmor-next to our kernel, to make happy those users who need that functionality.
If you have no interest in apparmor, simply apt purge apparmor.

Thanks for the explanation, towo!
Is it fair to say that the "average user" (like yours truly) does not need apparmor and can safely purge it?

towo

apparmor is relatively useless if it is not configured with fine-grained security rules.
This applies in particular to the new version which is now available on the kernel side.
The apparmor user space tools in debian are the old ones; maybe the problems with
the default configured apparmor rules will be gone when apparmor 2.14 becomes available in debian.

vilde

OK, thank you towo for explaining. For me I solve it then by purging apparmor.

tommy2

@towo, can I just purge apparmor, as you say it is not needed? Having too many cups problems at the moment related to denies from apparmor.
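
Added example, not written by any poster in this thread: a small Python parser that groups AppArmor DENIED audit records, like the dbus and cups ones mentioned above, by profile and marks those produced by the network mediation that towo describes. The log lines are constructed samples in the kernel's audit format; host name, PIDs, profiles and paths are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel's AppArmor audit format; hosts, PIDs,
# profiles and paths are made up for illustration, not copied from the thread.
SAMPLE_LOG = '''\
Aug 11 07:02:30 host kernel: audit: type=1400 audit(1565506950.101:41): apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" pid=811 comm="cups-browsed" family="inet" sock_type="dgram" protocol=0 requested_mask="create" denied_mask="create"
Aug 11 07:02:31 host kernel: audit: type=1400 audit(1565506951.220:42): apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" pid=811 comm="cups-browsed" family="inet" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"
Aug 11 07:02:33 host kernel: audit: type=1400 audit(1565506953.007:43): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/example/printers.conf" pid=790 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 11 07:02:35 host kernel: audit: type=1400 audit(1565506955.500:44): apparmor="ALLOWED" operation="open" profile="/usr/bin/example" name="/tmp/x" pid=900 comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Aug 11 07:02:37 host systemd[1]: libvirtd.service: Failed with result 'exit-code'.
'''

# key="quoted value" or key=bare_value pairs, as used in audit records
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(text):
    """Return one dict per AppArmor DENIED record; all other lines are skipped."""
    records = []
    for line in text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue  # ALLOWED (complain mode) and unrelated lines are ignored
        fields = {}
        for key, quoted, bare in KV.findall(line):
            fields[key] = quoted if quoted else bare
        records.append(fields)
    return records

def summarize(records):
    """Count denials per (profile, operation, kind); family= marks a socket rule."""
    counts = Counter()
    for rec in records:
        kind = "network" if "family" in rec else "file/other"
        counts[(rec.get("profile", "?"), rec.get("operation", "?"), kind)] += 1
    return counts

def network_denied_profiles(records):
    """Profiles with at least one denial caused by network mediation."""
    return sorted({r["profile"] for r in records if "family" in r and "profile" in r})

if __name__ == "__main__":
    denials = parse_denials(SAMPLE_LOG)
    for (profile, operation, kind), n in summarize(denials).most_common():
        print(f"{n:3d}  {kind:10s}  {operation:8s}  {profile}")
    print("network-mediated:", ", ".join(network_denied_profiles(denials)))
```

On a live system the same functions can be fed the text of `journalctl -k`. A profile that shows up in the summary can be put into complain mode on its own with `aa-complain` from apparmor-utils, which leaves the rest of AppArmor enforcing.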